Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance.
The vulnerability stems from the presence of factory-set cryptographic keys in the device software (CWE-1394 — use of hardcoded cryptographic keys). An attacker with knowledge of these keys can establish a remote communication session with the device without needing to provide credentials. This mechanism allows for reading, modifying, and writing projects and data, as well as accessing any device through remote maintenance.
An attacker can gain full, unauthorized access to the device — read, modify, and write projects and configuration data, as well as take control of devices within remote service maintenance, which in an industrial environment (OT/ICS) can lead to disruption or sabotage of automation processes.
Patches available from the manufacturer should be applied according to the references (https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2511042_de.pdf). Until the fix is deployed, it is recommended to isolate the network in which the devices operate, restrict access to management and remote maintenance ports exclusively to authorized hosts, and disable remote service maintenance functionality if it is not essential.
Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 (firmware versions indicated in the manufacturer's references)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSprecher Automation Sprecon E C
HWSprecher-Automationwszystkie wersjeSprecher Automation Sprecon E C Firmware
OSSprecher-Automationwszystkie wersjeSprecher Automation Sprecon E P
HWSprecher-Automationwszystkie wersjeSprecher Automation Sprecon E P Firmware
OSSprecher-Automationwszystkie wersjeSprecher Automation Sprecon E T3
HWSprecher-Automationwszystkie wersjeSprecher Automation Sprecon E T3 Firmware
OSSprecher-Automationwszystkie wersje
Related vulnerabilities
Domyślne klucze kryptograficzne w urządzeniach Sprecher Automation SPRECON-E
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to t...
Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a lo...
Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker wi...
In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been iden...